- They’ve been hacked by this person
- They hate this person and what to get revenge
- They want to spy and snoop on people
- They want to delete an email they accidently sent to someone
- They’re bored
- They want to be a hacker
In this post, I will tell you some steps you can perform to hack someone’s email account, hack someone’s Facebook account, or hack other online accounts such as Twitter, or LinkedIn. I’m not going to go into depth of each of these services, but tell you the general techniques you can use. The second part of this article will show you some tools in which you can learn how to hack and take down websites.
Hacking Online AccountsHacking online accounts usually requires you to guess the targets password, or to try and their password for a particular service such as Facebook, Gmail, or Hotmail. Usually, if you can get into their email account, you can get into other services they have like their online banking accounts. So how can I break in?
Guess the Target’s PasswordThe first approach to do is to simply try to guess their password. So if you are trying to break into someone’s email account, go to Hotmail, Gmail (or their other email provider), and type their email address in for the username, and start guessing his or her password.
Here are a few common passwords you can try:
- Common passwords such as:
- Other most used passwords
- Personal information such as:
- Where they lived
- Their name
- Pet’s name
- Street they live on
- Girlfriend/boyfriend name
- Data of birth
- Place they work
- Phone numbers
- A favourite TV show
- Favourite band
- Favourite food
- Best friend
- Favourite character
- Other passwords you know they have used
Forgot Password LinkMost people gain access to others people’s accounts through the forgot password link. By using this method, they will know someone has hacked their account, as they cannot log in because you have changed their password on them. So you only have until they reset their password (using the same method as you just did), or if you really hate them, you can change their secrete question, phone numbers or secondary email accounts answers so they can never log in again. However, with Facebook, and even Gmail, they can still regain access by providing friends and recently contacted people.
Social EngineeringSocial Engineering is a great way to get access to someone’s account. For example, if you try to reset someone’s password for their email account, and their secrete question is “what is your mother’s maiden name” or “what was the first street you lived in”, you can find this out just by talking to them and asking the right question.
Therefore, if you’re not sure what the targets mother’s maiden name is, ask them subliminally. Start by talking to them about something irrelevant, and steer the conversion to their family history and see if you can determine their mother’s maiden name. Do this for the other secrete questions you may have to answer as well. With this step, you have to be careful, as you don’t want them to trigger what you are up to. Once you have the answers you are looking for, just go to the Forgot Password link and you should be able to log in.
The other thing you could do, if you have the skill is to create a phony website that could either look like Facebook or Hotmail, or a site where they can claim something if they enter their username and password. Alternatively, create a site saying, “I can hack someone’s Facebook account for you, just give me your password”. It’s really amazing how many people fall for this tactic.
Steal Their PhoneIf your target has their phone lying around, try to get access to it. Usually, people are already logged into their email and Facebook accounts so it should be easy to change their password on their phone. It could be hard to get unlocked access to their phone, but you can prepare by getting a video uploaded onto Facebook, get them to start watching it, and then get them to leave while you continue watching it. Make sure the video doesn’t have sound though, and while they are gone, change their password. They will not know a thing. First, check their account settings on Facebook to ensure notifications are switched off. It’s very risky tactic, unless they lose their phone or you temporarily steal it – provided you know their access code to get onto their phone.
Go on their computerIf you visit their house, ask if you could check your email on their computer. Don’t check your email, but check theirs and change your password. They may derive a conclusion, but you could get short-term access (even if you don’t change their password). If you only need to read or delete their emails, you have plenty of time to do it.
While you are at it, open up their password manager and take a photo of their passwords with their phones. Make sure you know where to find it first so you don’t waste any time looking for the settings. The other thing you can do is install a Keylogger on their computer and get it to send you the logs via email.
Words of Advice
- Don’t be obvious
- Cover your tracks so you don’t get caught (if you know how to)
- Don’t hack someone’s account who is technologically smarter then you
- Know the system first, especially if the site sends email notifications
- It’s most likely illegal
Hacking WebsitesHacking a website is different to what is instructed above. To be able to hack websites, you need to know how to code. So if you don’t know how to code, this step will be a lot harder, or impossible for you. Nevertheless, continue to read as you might learn something.
There are many ways you can hack a site:
- Viewing page source or modifying URL’s
- Exploiting their code with injections or including other files
- Through SQL Injection attacks
- URL manipulation
- Uploading of malicious data
- Cross Site Scripting (XSS)
- Through cryptography
- Software cracking
- and using many more ways
Viewing the page sourceBy viewing the source of the website, you may able to understand how the code works and what it is doing behind the scenes. It will give you clues on what sort of hacking technique you should try. In some very low secured site, it might even tell you the username and password to login.
SQL InjectionsSQL Injections is probably one of the easiest and most effective ways into hacking sites. If you know how SQL statements work, you can easily change it to match your needs. For example, a SQL statement for a PHP based website could be SELECT * FROM USERS WHERE ADMIN = “$username” AND PASSWORD = “$password”;
The PHP variables $username and $password will be assigned the values the user entered into the username and password textboxes. If the user correctly enters the correct username and password, they query will return a result, thus logging you in. However, instead of entering the username and password, we can inject some SQL and modify the query result. For example, we can enter fdfdfd in the username field, and gdgfd” OR “1″ = “1 in the password field. By doing this, the query will be SELECT * FROM USERS WHERE ADMIN = “fdfdfd ” AND PASSWORD = “gdgfd” OR “1″ = “1″;
This statement will return true because 1 is equal to 1 and will grant us access.
Other possibilities are to try depending on the SQL Query are:
- ‘ or 1=1–
- ” or 1=1–
- or 1=1–
- ‘ or ‘a’='a
- ” or “a”=”a
- ‘) or (‘a’='a
URL ManipulationSometimes you can hack a site just by modifying a URL to get what you want. For example, you can change the URL to /admin or /administrator to access the administrator section, or ?accessgroup=2 to 1 to change your permission level. However, all sites are unique and this is just an example.
SpoofingIt’s possible to hack sites through spoofing information. This could be changing your referral data, change your IP address from one country to a different country so you can access services not available in your country, or simply to change your Cookie information to pretend to be someone else.
Words of Advice
- It’s challenging
- It’s likely illegal
- Sites might keep logs and will track you down
How can I learn to hack?If after reading this, learning how to hack is something you may find interesting, there is a really good site called Enigma Group that will allow you to practice your skills and practice on realistic scenarios to learn how to be a hacker. So visit the site, register, and see how you can go completing some of the basic skills. Keep in mind; some of them are hard, even for experienced security experts.
So, has your view changed on hacking after reading this? Is it easier or harder than you first thought?